capture question pix 6.3

Hi, trying to debug syslog. The admin tells me he doesn't receive any packets. Obviously the PIX (172.27.0.156.514) is sending syslog messages on UDP port 514, which is the port the syslog server is listening on. I see this in my capture file:

11:40:00.312972 172.27.0.156.514 > 172.27.0.103.514: udp 118

11:40:00.313170 172.27.0.156.514 > 172.27.0.103.514: udp 118

11:40:00.414651 172.27.0.156.514 > 172.27.0.103.514: udp 119

11:40:00.414834 172.27.0.156.514 > 172.27.0.103.514: udp 119

11:40:01.294647 172.27.0.156.514 > 172.27.0.103.514: udp 183

11:40:01.304549 172.27.0.156.514 > 172.27.0.103.514: udp 183

BUT: what are these numbers at the end?

And since this is UDP, I am not supposed to see return packets, right?

tia M

mak

Packet lengths?

Michał Iwaszko

Some syslog servers require that the admin specifically allow the source -- that is, if they receive a syslog packet from a system they haven't been configured to pay attention to, they will ignore the packet. (Such packets would still be seen by a "sniffer" running on the destination system though.)

Walter Roberson

Makes sense, otherwise you could "spam" a syslog server.

Still, what are these numbers? Is it the packet length?

Thanks, M

mak

Yes.

Walter Roberson

OK, the PIX logged in a directory that the admin didn't check... so again, it was NOT the firewall's fault :-)

Thanks Walter, M

mak
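
An added example, not part of any post in this thread: a small Python parser for the capture lines quoted in the question. It totals the trailing number (which the thread identifies as the packet length) per flow and reports whether any packet was captured in the reverse direction. The function and field names are illustrative choices.

```python
import re
from collections import defaultdict

# Capture lines copied from the question in this thread.
CAPTURE = """\
11:40:00.312972 172.27.0.156.514 > 172.27.0.103.514: udp 118
11:40:00.313170 172.27.0.156.514 > 172.27.0.103.514: udp 118
11:40:00.414651 172.27.0.156.514 > 172.27.0.103.514: udp 119
11:40:00.414834 172.27.0.156.514 > 172.27.0.103.514: udp 119
11:40:01.294647 172.27.0.156.514 > 172.27.0.103.514: udp 183
11:40:01.304549 172.27.0.156.514 > 172.27.0.103.514: udp 183
"""

# time, source ip.port, destination ip.port, protocol, trailing length
PACKET_RE = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+"
    r"(?P<proto>\w+)\s+(?P<length>\d+)\b"
)

def parse_capture(text):
    """Return one dict per packet, even if pasted lines were run together."""
    packets = []
    for m in PACKET_RE.finditer(text):
        pkt = m.groupdict()
        for key in ("sport", "dport", "length"):
            pkt[key] = int(pkt[key])
        packets.append(pkt)
    return packets

def summarize_flows(packets):
    """Per-flow packet count, summed length, and whether a reply was seen."""
    flows = defaultdict(lambda: {"packets": 0, "length_total": 0})
    for p in packets:
        key = (p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
        flows[key]["packets"] += 1
        flows[key]["length_total"] += p["length"]
    # A reply is the same 5-tuple with source and destination swapped.
    return {
        k: dict(v, reply_seen=(k[2], k[3], k[0], k[1], k[4]) in flows)
        for k, v in flows.items()
    }

if __name__ == "__main__":
    for flow, stats in summarize_flows(parse_capture(CAPTURE)).items():
        print(flow, stats)
```
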
